Microsoft's $5 million fund for rewarding informants for leads on virus attacks has snagged its first success with the arrest of a man in Germany who has confessed to the release of the Sasser worm, the software giant said Saturday.

In what the company called a "coordinated multinational law enforcement effort," information provided to Microsoft by informants led local authorities to arrest the 18-year-old unnamed resident of Rotenburg, Germany, only a week after the original Sasser virus had been released.

News.context

What's new:
Microsoft's $5 million fund for rewarding informants for leads on virus attacks may have snagged its first success in the arrest of a suspect in the Sasser worm case.

Bottom line:
Security experts said this could be the single biggest arrest yet in the campaign against the computing underground responsible for hatching worms and viruses, which has proved difficult for law enforcement to crack.

"Within 48 hours of the informants' coming forward, our investigators and the German police were able to identify the perpetrator of the Sasser virus and to take him into custody," said Brad Smith, general counsel for Microsoft. "This individual is responsible, we believe, for all four variants of the Sasser virus."

The arrest brings a quick end to the latest worm incident. The week-old worm has slowed its spread, as companies clean up existing infections. The worm and its three known variants have compromised hundreds of thousands of computers running Microsoft Windows, though some estimates put the number of infected systems in the low millions.

The arrest is the first success for Microsoft's Antivirus Award Program, a $5 million fund to reward people for coming forward with information about those who release major worms and viruses. While Microsoft has offered three rewards for $250,000 each for those who were responsible for the havoc caused by the MSBlast worm, the Sobig virus and the MyDoom virus, no arrests in those cases have yet been made. The arrest of the author of a minor variant of the MSBlast worm predated the award program.

While Microsoft had not announced any reward for information about the person or group that released, and presumably wrote, the Sasser worm, the informants approached the software giant's German office on Wednesday and inquired about whether such a cash award would be paid.

Smith would not comment on whether there may be additional arrests, but he confirmed the investigation is ongoing.

"Aware of this program, individuals in Germany approached Microsoft investigators," Smith said. "We did not hesitate and made a decision to offer a reward of $250,000."

Smith wouldn't say how many people came forward, except to indicate it was fewer than five. Moreover, while he would not comment on whether a relationship existed between the Sasser suspect and the informants, he did say that they both live in the same part of Germany.

"These were individuals who were aware of who the perpetrator was; they did not stumble upon this because of technical analysis," Smith said.

Get Up to Speed on...Enterprise securityGet the latest headlines andcompany-specific news in ourexpanded GUTS section.

Moreover, security experts and German police believe that the author of Sasser also created several, if not all, variants of Netsky, a mass-mailing computer virus. At least one version of that virus was signed by what seemed to be a group of programmers calling itself the Skynet Antivirus Team.

"All these worms have been highly disruptive and complex, suggesting that the author isn't working alone," he said. "Seizing this man's computers could provide the vital clues that will bring down the infamous Skynet virus-writing gang. We would not be surprised if more
arrests follow in due course."

Microsoft also said that several new virus research techniques that the software giant has developed over the past year have played a key role in identifying the author and verifying the data provided by the informants.

The message for virus writers is that they are not safe from the law, Smith said.

"I do think that the fast action in this case does send a message to people who are thinking of launching or creating malicious viruses and worms," he said. "And that is, we together with law enforcement can and will identity (individuals) who launch malicious code on the Internet. And law enforcement can and will bring them to justice regardless of where they are in the world."

Leave it to PR to call this a success but the fact is that there's still plenty of oppurtunity out there to cause more havoc.

In all a true Microsoft tradition. Fight symptoms rather then causes because it looks better on paper.

In other words, not even a $10M reward will make the problems related to Microsoft's insecure products go away. And let's be honest, even $10M would be nothing more then pocket change for Microsoft and still a whole lot cheaper (at least for them) then rewriting their insecure products into more secure versions.

Maybe one day the idea will sink in that things happen for no other reason then because they can. It's just to easy.

It could be that I was one of the "lucky people" in the UK to become the first victim to the Sasser Worm a couple of weeks ago. Whatever, I couldnt find any resources about its origin, damage or repair at that time.

Even so, as a software developer and IT company director I think it is highly amusing that (a) People can be prosecuted for exploiting the proffesional incompetencies of software empires, and (b) the same software empires would offer a reward to prosecute individuals that should exploit their badly built products....

Its like Lexus prosecuting somebody who has an accident in one of there cars because it was faulty....

No, it is not "like Lexus prosecuting somebody who has an accident in one of there cars because it was faulty." It is like some malevolent jerk finding a small space in the undercarriage of a Lexus and running around planting bombs in all the Lexus' on the planet blowing them up. Then Lexus offers every Lexus owner a free piece of metal to cover the opening, along with prosecuting the malevolent jerk who blew up all the Lexus owners. The victim of the crime is not Lexus, it is individual people who own the cars, and the perpetrator didn't attack Lexus, he attacked each individual who owned a Lexus.

There should be class action lawsuits against the jerk(s) who create computer viruses brought by all system owners who are infected -- and the punishment should be 10 minutes in jail for each infected system. Let's see... if you infect 1 million systems, that would be... just over 19 years. Sounds good to me. And while they are in jail, they should be writing helpful freeware -- with time off for each good program they provide for the world.

My take on this is that the informants knew theauthor. If that is the case they will most likely be charged as co-defendents, and I really don't think that Microsoft will pay the author(s)of a damaging virus. I also agree, that wheneversomeone find a security flaw in anyone's software, that company has the responsibility to immediately inform the public and issue a fix for the problem.

I agree that the informants probably knew the Sasser's creator and that the possibility of them being charged as co-defendants is a real one.

What I don't agree with is this big-brotherish attitude that it is a person's, or a corporation's duty to hand over intellectual property (a.k.a. security flaws and fixes) for free to the general population.

It takes a tremendous amount of work to find both security flaws and their solutions, and very few people worth their weight are going to offer there time and effort without some sort of compensation.

In addition, If the persons involved in handing over information vital to the arrest of the suspect are charged as co-defendants, it is quite likely that people will think twice about offering information leading to arrests in the future.

kid was able to wreak such havoc with a product written by "professionals". Probably very high paid professionals. I think this is just another testament to how unprofessional Microsoft and their products actually are.

Microsofts products are nothing but Mickey Mouse.

Microsoft needs to be sued for every dollars worth of damage that was made possible by their pooor excuse for software. Their OS has not been the only dangerous product. Every product they have sold which "listens" ocer the Internet has been a source of great pain and suffering by trusting consumers. Microsoft should be held accountable for this pain and suffering.

And, what evidence do we have that this person is the penner? The word of someone whose first question was how much do I get paid?

I agree with Bill Brock. He's right about Windows being cr**. We pay Microsoft $300 to give us an OS written by some hi-priced key-typers which some 18 year old kid took advanage of. We shouldn't have to deal with kind of junk, this is why i hold faith for Apple. Their OS and hardware far surpass any Windows hardware or OS. They may lack in a few area's, which is acceptable, but compared to Microsoft they're rock hard OS's.I understand that these guys are out to mess with our computers and just mess up our day. But, these are the digital artists who can make a program do amazing things through a tiny software hole. Very few people understand the skill it takes to make a virus. Microsoft shouldn't put these people into jail, but make them work off their debt. They could catch people and get them to hack the latest verson of windows, fix it, then relase it. Wouldn't that make more sence than this "f***'em! put them in jail" aditude? Free OS testing and then less problems to deal with? Oh wait, i just gave another billion dallors to Gates. I think we should all get together and sue him, wouldn't that be a hoot? lol. But then he'll get his high-priced laywers on us and we're dead. Hence all the digital attacks on him, can't sue a computer can he now? Well i'm just some teenager with big idea's for the internet, no one listens to me anyway. HA, i bet this won't even make it through filtering and it will be taken down. But you just wait, Gates will be the demise of his own world. Soon the furits of Apple will be ripe for picking. Ever notice that apple systems are very sercure? Maybe it has to do with it's founder being a hacker himself.

This is in my 15 minutes of checking out this news forum has been one of the most uneducated and non-professional areas that I have ever been to. I cannot believe that the majority of the people here are complaining that this is a Microsoft Corporations problem. This problem does not start with the company itself it is the people on the Internet who does not respond to the term "CRITICAL UPDATE". The vulnerability patch for worms like sasser has been out since early April and it is NOT Microsofts fault in any way that the entire world got infected. As a matter of fact I am managing a MS Network that has all critical updates done by the Software Update Server which Microsoft made available for download to help out Net Admins with this very problem. I do not understand how all of you here can say that Microsofts method has not been rock solid because of tools like the Software update Sevices. It is proposterous to hear professionals whine about how you or anyone else didnt get the job done. At the end of the day it is no ones fault but your own when problems occur like with the sasser worm. I hope they bury this guy under the jail to make an example to future authors of this nature.

Well we have all be hit by the lastest virus, or not as the case may be.

I have read with interests comments that how can an 18 year old child do this much damage? When Microsoft have all these highly paid profesionals.

Am i a Microsoft fan? Yes and No. YES. We use Microsoft on all of our machines and it works very well.Is there a viable different option? No. We demand more and more out of our machines and we demandthat Microsoft deliver it fast. We don't want to wait. NO. I hate the demands by users for bigger andfaster machines to run the new systems. This is just evolution.

If you got burgled would you blame the police. Or would you learn from your experiences? Critical updatesis the same as the crime provention officer. It tells you of new problems and how to address them.

We could always wait for Microsoft to provide a totally secure bug free system. Would we wait. NO! we allwant it now. Not in 5 years.

With correctly configured firewalls, upto date virus checkers and a little commmon sence, all of these problemsgo away. Would you blame the police if you left your keys in the front door? Would you blame the policeif you friendly next door neighbour told the burglars you kept a key under the door mat? NO! Of cource youwould not. So why blame Microsoft?

If we act responsabily and manage our systems correctly. The spread of viruses would be reduced. If the writersof all these viruses realised they are not going to get as big an impact, they would go away. Its only "fun"whilst it has a major impact.

I have written this to provoke thought! Not to start a major discsion on the topic. I will sign off withthe following statement. We did not get the Saaser worm. We did not have the critical updates. We did not have thelastest service packs. We did not have the latest virus definitions. We DID HAVE total network security from theoutside. Think! LOCK THE DOORS.

Report offensive content:

If you believe this comment is offensive or violates the CNET's Site Terms of Use, you can report it below (this will not automatically remove the comment). Once reported, our staff will be notified and the comment will be reviewed.

E-mail this comment to a friend.

E-mail this to:

Note: Your e-mail address is used only to let the recipient know who sent the e-mail and in case of transmission error. Neither your address nor the recipients's address will be used for any other purpose.